How do card readers for online banking work if they are not connected to the internet?

10 views
0

How do card readers for online banking work if they are not connected to the internet?

In: 5

What makes you think they’re not connected to the Internet?

….they are connected to the internet? Either via cellular data, local WiFi, or a lan cable.

Technically there is a method of taking credit card payments (not debit, credit only) while temporarily offline, but the merchant doesn’t receive any funds and no transaction is posted to the credit card holder until those offline transactions are submitted to the merchants credit card processing service, processed, and approved.

This has more risk involved than online immediately validated transactions because it can’t verify the funds are actually available at the time of the transaction so very few merchants or card processors will allow it.

The prevalence of chip+pin security has pushed all the manual card entry methods out the door in the name of security. Credit Card issuers/processors don’t like dealing with fraud cases, so they don’t allow customers to use their cards in ways that promote fraud.

If not connected to the internet at some point, they queue up the transaction information so it’s ready for when internet connection is established.

Do you mean the ones that generate a code for you to log into your online banking? They are done by having a secret key code which is stored in the device and known by your online banking. Online banking will all you to enter a code into the device, the device will then do a sum including the code and secret key and return a new value which is your login.

Have you ever used a 2FA code? Its a similar mechanism to that.

Essentially, both the bank and your card have a shared secret number – the bank sets this up when they issue you your card. You can think of it like a key that only the two of you have.

When you put your card into your card reader and enter your pin, you’re asked to enter something like a confirmation code, like the account number you’re trying to transfer money to. The card reader can then combine the secret number on the card with that confirmation code, which you then give to your online bank to give the output. The online bank can then check that output number – since it also has your secret number! But no one else without that secret number can perform that calculation!

The details of exactly how this works is a bit tricky, since cryptography gets mathy fast, and requires lots of other proofs of other useful properties, e.g. protecting against using the same output code twice, etc.